From 28702edaf739cdeee54e81efe5868bf00724c33c Mon Sep 17 00:00:00 2001 From: "liang.he" Date: Wed, 14 May 2025 12:43:55 +0800 Subject: [PATCH] Merge commit from fork --- build-scripts/config_common.cmake | 7 ++++- .../libraries/libc-uvwasi/libc_uvwasi.cmake | 30 +++++++------------ .../libc-uvwasi/libc_uvwasi_wrapper.c | 18 +++++++++++ 3 files changed, 34 insertions(+), 21 deletions(-) diff --git a/build-scripts/config_common.cmake b/build-scripts/config_common.cmake index 82d59ba2a..5f7746f6a 100644 --- a/build-scripts/config_common.cmake +++ b/build-scripts/config_common.cmake @@ -279,7 +279,12 @@ else () message (" Libc builtin disabled") endif () if (WAMR_BUILD_LIBC_UVWASI EQUAL 1) - message (" Libc WASI enabled with uvwasi implementation") + message (" Libc WASI enabled with uvwasi implementation\n" + " WANRING:: uvwasi does not currently provide the comprehensive\n" + " file system security properties provided by some WASI runtimes.\n" + " Full support for secure file system sandboxing may or may not\n" + " be implemented in future. In the mean time, DO NOT RELY ON IT\n" + " TO RUN UNTRUSTED CODE.") elseif (WAMR_BUILD_LIBC_WASI EQUAL 1) message (" Libc WASI enabled") else () diff --git a/core/iwasm/libraries/libc-uvwasi/libc_uvwasi.cmake b/core/iwasm/libraries/libc-uvwasi/libc_uvwasi.cmake index fefe0fca2..6919efba2 100644 --- a/core/iwasm/libraries/libc-uvwasi/libc_uvwasi.cmake +++ b/core/iwasm/libraries/libc-uvwasi/libc_uvwasi.cmake @@ -10,7 +10,7 @@ set(CMAKE_POLICY_VERSION_MINIMUM 3.5 FORCE) set (LIBC_WASI_DIR ${CMAKE_CURRENT_LIST_DIR}) -set (LIBUV_VERSION v1.46.0) +set (LIBUV_VERSION v1.51.0) add_definitions (-DWASM_ENABLE_LIBC_WASI=1 -DWASM_ENABLE_UVWASI=1) @@ -29,15 +29,10 @@ else() GIT_REPOSITORY https://github.com/libuv/libuv.git GIT_TAG ${LIBUV_VERSION} ) - FetchContent_GetProperties(libuv) - if (NOT libuv_POPULATED) - message("-- Fetching libuv ..") - FetchContent_Populate(libuv) - include_directories("${libuv_SOURCE_DIR}/include") - add_subdirectory(${libuv_SOURCE_DIR} ${libuv_BINARY_DIR} EXCLUDE_FROM_ALL) - set (LIBUV_LIBRARIES uv_a) - set_target_properties(uv_a PROPERTIES POSITION_INDEPENDENT_CODE 1) - endif() + FetchContent_MakeAvailable(libuv) + include_directories("${libuv_SOURCE_DIR}/include") + set (LIBUV_LIBRARIES uv_a) + set_target_properties(uv_a PROPERTIES POSITION_INDEPENDENT_CODE 1) endif() ## uvwasi @@ -48,17 +43,12 @@ else() FetchContent_Declare( uvwasi GIT_REPOSITORY https://github.com/nodejs/uvwasi.git - GIT_TAG main + GIT_TAG v0.0.21 ) - FetchContent_GetProperties(uvwasi) - if (NOT uvwasi_POPULATED) - message("-- Fetching uvwasi ..") - FetchContent_Populate(uvwasi) - include_directories("${uvwasi_SOURCE_DIR}/include") - add_subdirectory(${uvwasi_SOURCE_DIR} ${uvwasi_BINARY_DIR} EXCLUDE_FROM_ALL) - set (UVWASI_LIBRARIES uvwasi_a) - set_target_properties(uvwasi_a PROPERTIES POSITION_INDEPENDENT_CODE 1) - endif() + FetchContent_MakeAvailable(uvwasi) + include_directories("${uvwasi_SOURCE_DIR}/include") + set (UVWASI_LIBRARIES uvwasi_a) + set_target_properties(uvwasi_a PROPERTIES POSITION_INDEPENDENT_CODE 1) endif() set (UV_A_LIBS ${LIBUV_LIBRARIES} ${UVWASI_LIBRARIES}) diff --git a/core/iwasm/libraries/libc-uvwasi/libc_uvwasi_wrapper.c b/core/iwasm/libraries/libc-uvwasi/libc_uvwasi_wrapper.c index 35d091e78..59616daf6 100644 --- a/core/iwasm/libraries/libc-uvwasi/libc_uvwasi_wrapper.c +++ b/core/iwasm/libraries/libc-uvwasi/libc_uvwasi_wrapper.c @@ -890,6 +890,24 @@ wasi_path_symlink(wasm_exec_env_t exec_env, const char *old_path, if (!uvwasi) return (wasi_errno_t)-1; + /* + * check if old_path is valid. + * if it is a symlink, follow it. + * + * this is a workaround for the fact that + * uvwasi_path_symlink does not check if the old_path is valid + * + * the goal is trigger uvwasi__resolve_path() to check + */ + { + uvwasi_filestat_t filestat = { 0 }; + wasi_errno_t err = + uvwasi_path_filestat_get(uvwasi, fd, UVWASI_LOOKUP_SYMLINK_FOLLOW, + old_path, old_path_len, &filestat); + if (err) + return err; + } + return uvwasi_path_symlink(uvwasi, old_path, old_path_len, fd, new_path, new_path_len); }